1. Home
  2. CVE Database
  3. CVE-2019-18248
MEDIUM · 4.3

CVE-2019-18248

BIOTRONIK CardioMessenger II, The affected products transmit credentials in clear-text prior to switching to an encrypted communication channel. An attacker can disclose the product’s client credentia...

Vulnerability Description

BIOTRONIK CardioMessenger II, The affected products transmit credentials in clear-text prior to switching to an encrypted communication channel. An attacker can disclose the product’s client credentials for connecting to the BIOTRONIK Remote Communication infrastructure.

CVSS Score

4.3

MEDIUM

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
BiotronikCardiomessenger Ii-S Gsm Firmware2.20
BiotronikCardiomessenger Ii-S Gsm-
BiotronikCardiomessenger Ii-S T-Line Firmware2.20
BiotronikCardiomessenger Ii-S T-Line-

Related Weaknesses (CWE)

CWE-319

References

FAQ

What is CVE-2019-18248?

CVE-2019-18248 is a vulnerability with a CVSS score of 4.3 (MEDIUM). BIOTRONIK CardioMessenger II, The affected products transmit credentials in clear-text prior to switching to an encrypted communication channel. An attacker can disclose the product’s client credentia...

How severe is CVE-2019-18248?

CVE-2019-18248 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-18248?

Check the references section above for vendor advisories and patch information. Affected products include: Biotronik Cardiomessenger Ii-S Gsm Firmware, Biotronik Cardiomessenger Ii-S Gsm, Biotronik Cardiomessenger Ii-S T-Line Firmware, Biotronik Cardiomessenger Ii-S T-Line.